Monitoring vHSM with Grafana
Learn to monitor the performance and usage of vHSM server with Grafana.
You can gain insights into vHSM's performance and usage to support proactive incident response and understand business workloads. Operators and security teams must monitor for conditions that may impact performance or signal security issues requiring immediate attention.
Monitoring vHSM with Grafana involves these steps:
Monitor in Grafana
Install Docker
Set the environment variable for ENCLAIVE_LICENCE
Download the vHSM docker image
Download the vHSM CLI
Create the required directories and set the environment variable for these paths.
Create a Docker network named learn-vhsm that is used by all containers.
Set the environment variable for ENCLAIVE_LICENCE.
Start the vHSM server in a Docker container
The /sys/metrics endpoint in vHSM requires authentication. To let Prometheus access it, create a prometheus-metrics ACL policy with read access to the endpoint.
The output is:
Create a token with the prometheus-metrics policy for Prometheus to access vHSM metrics, and save its ID to the prometheus-token file in the Prometheus config directory.
Create prometheus.yml in $LEARN_VHSM/prometheus-config/ to define a vhsm scrape job with the vHSM API endpoint, token path, and server IP with port.
Pull the Prometheus image.
Start the Prometheus container using volume mounts that point to the configuration file and token file.
Verify that Prometheus is ready to receive requests.
The log should contain an entry like this one.
Create a Grafana config datasource.yml file in $LEARN_VHSM/grafana-config/ to set Prometheus as the data source.
Pull the latest Grafana image.
Start the Grafana container.
Verify that the Grafana container is ready.
The log should contain an entry similar to:
You can also optionally check once more to verify that all containers are up and running.
The output should resemble this example:
To monitor your vHSM server in the Grafana UI, you need to download the vhsm-test.json example file.
Open your browser and go to: http://localhost:3000
Log in to Grafana with the Username: admin and Password: admin
In the Dashboards page select New → Import
Choose one of the following:
Upload JSON file (click Upload JSON file and select your vhsm-test.json file), or
Paste JSON content into the textbox.
Select the Prometheus data source when prompted.
Click Import.
You will be redirected to the imported dashboard where you can now:
View the vHSM cluster health
Monitor Audit Logs
Create a config.json file in $LEARN_VHSM/vhsm-config/ that provides the configuration for the vHSM server. This config starts the vHSM server with a non-TLS TCP listener on port 8200, stores data in /vhsm/data, and enables with 12h retention and no hostname.
Note: Verify the server and the vHSM server.
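One way to script the prometheus-token and prometheus.yml steps above, with a check that the token stays out of the YAML. This is an added example, not code from the vHSM documentation; the function names, the /v1 API prefix, the format=prometheus parameter, bearer-token authentication and the in-container path /etc/prometheus/prometheus-token are assumptions to confirm against your deployment.

```shell
#!/bin/sh
# Added example, not vHSM's own code. Assumed (not on the page): the /v1
# prefix, format=prometheus, and the container path of the token file.

write_vhsm_scrape_config() {
    config_dir=$1   # e.g. "$LEARN_VHSM/prometheus-config"
    target=$2       # vHSM server IP with port, e.g. 10.42.0.2:8200 (constructed)
    token=$3        # ID of the token created with the prometheus-metrics policy

    [ -n "$config_dir" ] && [ -n "$target" ] && [ -n "$token" ] || {
        echo "usage: write_vhsm_scrape_config DIR HOST:PORT TOKEN" >&2
        return 2
    }
    mkdir -p "$config_dir" || return 1

    # The token lives in its own file; prometheus.yml only references it,
    # so the YAML can be shared or versioned without exposing the credential.
    printf '%s' "$token" > "$config_dir/prometheus-token" || return 1

    # scheme is http because the listener in this walkthrough is non-TLS.
    cat > "$config_dir/prometheus.yml" <<EOF
scrape_configs:
  - job_name: vhsm
    metrics_path: /v1/sys/metrics
    params:
      format: ['prometheus']
    scheme: http
    authorization:
      credentials_file: /etc/prometheus/prometheus-token
    static_configs:
      - targets: ['$target']
EOF
}

# Returns 0 only if the config defines the vhsm job, points at a token file,
# and does not contain the token value itself.
check_vhsm_scrape_config() {
    config_dir=$1
    yml="$config_dir/prometheus.yml"
    token=$(cat "$config_dir/prometheus-token") || return 1
    grep -q 'job_name: vhsm' "$yml" || return 1
    grep -q 'credentials_file:' "$yml" || return 1
    ! grep -qF -- "$token" "$yml"
}
```

Run check_vhsm_scrape_config "$LEARN_VHSM/prometheus-config" before starting the Prometheus container; a non-zero status means the job is missing or the token was pasted into the YAML.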